How do I encrypt and decrypt input to an ideetext in Android, and not be able to decrypt data outside my application - firebase

The encryption is as follows:
Firebase databases
Encrypt the input from the user into the addictext
Obtain a license from within the application to encrypt data
Without a license present within the application will not be decrypted
Decrypt data only on the phone of the user and the addressee
Can you also create a phone fingerprint to configure the encryption key?
Fingerprint key such as IME number
Is there a solution?

Related

How to save Two Factor Auth TOTP Secret?

I'm currently developing two factor authentication based on totp. For this you have to generate a secret and save it on the server side and on the client-side (usually through the QR code).
My Question: How do I store it in the database? My requirements are that it's saved secure, preferably encrypted. Hashed doesn't work because I need to be able to have the plain-text value in order to calculate the totp secret code. When I encrypt it, with what key? Should I use a general key? Should I use the password from the user as the key? This would have the disadvantage that when a password reset is done, I can't Decrypt the totp secret key anymore.
Any ideas?

How secure is encryption provided by CryptProtectData API?

Say, if I encrypt some text using CryptProtectData API without specifying the CRYPTPROTECT_LOCAL_MACHINE flag. If I understood it correctly, doing so will allow only the user that my application was running under to decrypt it.
Let's assume that I saved the resulting ciphertext data in HKCU registry key for my application. So obviously some other users (from other user accounts) will be able to read that data from registry.
My question is, will any other user on that computer be able to decrypt it without having the initial user log in to that machine?
Certainly, no other user can decrypt it. User master key is needed to decrypt the data and it is created by user password. So copying the registry info doesn't allow to decrypt the data.
Master Key, created and encrypted with user's password, is stored in a
separate file in the Master Key storage folder along with other system
data. User's Master Keys are stored in %APPDATA%/Microsoft/Protect/%SID%,
where %APPDATA% is the Application Data directory.
More info here

Decrypt master password of windows API CryptProtectData (presumably)

Is it possible to decrypt master password if I have data for encryption (text) and the result of encryption of this data (BLOB).
I want to decrypt Google Chrome master password that is used for encryption data. As I know chrome uses windows API CryptProtectData function. I have plaintext1 and ciphertext1. Also I have ciphertext2 and I want to decrypt plaintext2.

Rails Public Key Encryption - Decryption to happen offline

I need to protect some highly confidential information at the highest level. I planning to go with public key encryption to secure this information.
Plan:
The encryption key will be on the server and will be used to encrypt the information. The decryption key will be kept offline and will be used to decrypt the information whenever required.
I tried to go with https://github.com/spikex/strongbox but how do I make the decryption offline?

Using a password to protect private key in c++

I'm planning to write a little application with the basic idea that users are able to share encrypted information with each other. A little scenario: Alice writes a memo (data format is known), the application encrypts this memo and saves the memo on the application server. Now Alice wants to share this memo with Bob. Alice opens the application, searches for user "Bob" and receives the public key of Bob. The application encrypts the memo with Alice and Bob's key and saves the memo on the server. Now Bob is also able to read the memo.
The private key of the user only belongs to the device where the application is installed. It is never transferred over network. Nevertheless I would like to 'encrypt' the private key with the password of the user, so it can be stored in a (relative) secure way on the device and only be 'decrypted' if the correct password is entered. The key itself should not be altered if the password of the user changes, because this would cause that all data will have to be encrypted again with this new key. Instead the user will have to enter the old passphrase, the key is decrypted and encrypted again with the new passphrase.
Is there any function (maybe in OpenSSL?) to 'encrypt' or protect a key with a passphrase?
Note: the private key may or may not be stored in a keystore. because the application will run on many plattforms it is not clear in advance which keystore is available.
Is it possible to integrate PGP in my own applications?
GnuPG Made Easy (GPGME) "is a library designed to make access to GnuPG easier for applications. It provides a High-Level Crypto API for encryption, decryption, signing, signature verification and key management."
Using OpenSSL you can save your key in a protected form (BEGIN RSA ENCRYPTED...). An exemplary function you may want to use (I'm omiting all the operations required beforehand, but they're pretty elementary).
PEM_write_PKCS8PrivateKey(pFile, m_pKey, cipher, sPass, iPassLen, 0, NULL)
where cipher is your encryption algorithm, of appropriate type. More (with examples!) here: https://www.openssl.org/docs/manmaster/crypto/pem.html

Resources